Attacks and solutions on a three-party password-based authenticated key exchange protocol for wireless communications

A secure authenticated key exchange protocol is an essential key to bootstrap a secure wireless communication. Various research have been conducted to study the efficiency and security of these authenticated key exchange protocol. A recent work by Lu et al. addresses the needs of a three parties secure communication by presenting a new protocol that claimed to be resistance against various attacks. However we found that their protocol is still vulnerable against an off-line password guessing attack. In this attack, an adversary can obtain the password of an user without any direct interactions with the server. To surmount such problem, we propose a new three-party password-based authenticated key exchange protocol. The security of our protocol are proved by the automatic cryptographic protocol tool proverif. The protocol presented is also more secure and efficient comparing with other similar protocols in the literature.